cbcvebase.

Siemens Ruggedcom Rugged Operating System vulnerabilities

9 known vulnerabilities affecting siemens/ruggedcom_rugged_operating_system.

Total CVEs
9
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM3LOW1

Vulnerabilities

Page 1 of 1
CVE-2012-1803P2HIGHCVSS 8.5PoC≥ 3.2.0, ≤ 3.10.12012-04-28
CVE-2012-1803 [HIGH] CWE-310 CVE-2012-1803: RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password der RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session.
nvd
CVE-2012-2441P3HIGHCVSS 8.5PoCfixed in 3.3.02012-04-28
CVE-2012-2441 [HIGH] CVE-2012-2441: RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived fro RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
nvd
CVE-2013-6925P3HIGHCVSS 8.3fixed in 3.12.22013-12-17
CVE-2013-6925 [HIGH] CWE-330 CVE-2013-6925: The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
nvd
CVE-2013-6926P3HIGHCVSS 8.0fixed in 3.12.22013-12-17
CVE-2013-6926 [HIGH] CWE-863 CVE-2013-6926: The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
nvd
CVE-2014-1966P3HIGHCVSS 7.8fixed in 3.11.0≥ 3.12, < 3.12.4+2 more2014-02-24
CVE-2014-1966 [HIGH] CVE-2014-1966: The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3 The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 for RS950G, ROS 3.12 before 3.12.4, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (device outage) via crafted packets.
nvd
CVE-2014-2590P4MEDIUMCVSS 5.0fixed in 3.11.0≥ 3.12, < 3.12.4+2 more2014-04-01
CVE-2014-2590 [MEDIUM] CWE-306 CVE-2014-2590: The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets.
nvd
CVE-2015-6675P4MEDIUMCVSS 4.3v3.8.0v4.0.0+1 more2015-09-11
CVE-2015-6675 [MEDIUM] CWE-284 CVE-2015-6675: Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allow Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
nvd
CVE-2015-5537P4MEDIUMCVSS 4.3fixed in 4.2.02015-08-03
CVE-2015-5537 [MEDIUM] CVE-2015-5537: The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properl The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
nvd
CVE-2015-7836P4LOWCVSS 3.3≤ 4.2.02015-10-28
CVE-2015-7836 [LOW] CWE-200 CVE-2015-7836: Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffi Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame.
nvd
Siemens Ruggedcom Rugged Operating System vulnerabilities | cvebase